Skip to main content
Webcompute gives browser-agent workflows explicit boundaries, but your application still owns authorization and business rules.

Boundaries

  • Domain policy constrains where the browser should navigate.
  • Approval modes handle high-impact actions.
  • Secret variables keep credentials out of prompts.
  • Signed Debug UI and CDP URLs act as bearer capabilities.
  • Structured output validates shape before product code trusts data.
  • Proxy routing controls egress, not authorization or browser scope.
ControlProtectsDoes not replace
Domain policyBrowser navigation scopeUser authorization or business rules
ApprovalsHigh-impact browser actionsProduct-level review and audit
Secret variablesPrompt and transcript exposureCredential rotation or access control
Signed URLsExplicit live browser accessPermanent sharing links
Structured outputResult shapeSource validation
Proxy routingBrowser egress pathNavigation policy

Untrusted input

Treat page text, PDFs, downloaded files, hidden inputs, model output, and observations as untrusted evidence.

Signed URLs

Debug UI and CDP URLs can control live browser sessions. Do not log them in public places or pass them to untrusted agents.

High-impact actions

Require explicit approval for authentication, account creation, sensitive data use, external submissions, payments, purchases, legal acceptance, destructive changes, permission changes, CAPTCHA resolution, file upload, and out-of-scope actions. Reference: policies and approvals, policy reference, proxy reference, and agent contract.